A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.
1. A method of secure communication between mobile applications, comprising: providing, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application; retrieving by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information; validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and transferring data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.
2. The method of claim 1, wherein providing comprises providing information to a location from which the second mobile application is configured to retrieve information.
3. The method of claim 1, further comprising querying an operating system associated with the mobile device to identify the URL scheme associated with the second mobile application.
4. The method of claim 1, wherein: the first encryption information includes a first public key associated with the first mobile application; and the second encryption information includes at least one credential associated with the second mobile application, a second public key associated with the second mobile application and an encrypted payload including the first public key.
5. The method of claim 1, wherein one or more of the first mobile application and second mobile application are associated with a library configured to: retrieve information from the data storage location; and provide information to the data storage location.
6. The method of claim 5, wherein the library is further configured to perform one or more of the following steps: applying one or more configuration changes in an application; enforcing one or more policies within the application; and executing one or more actions associated with the application.
7. The method of claim 1, wherein the data comprises one or more of keychain data, a data file, and pasteboard data.
8. The method of claim 1, wherein the data storage location comprises one or more of a pasteboard, a shared keychain, and a storage location associated with a framework native to the device.
9. The method of claim 1, wherein transferring data comprises transferring one or more application policies from the first mobile application to the second mobile application.
10. The method of claim 9, wherein the application policies include one or more of device hardware, storage access, personal information manager (PIM), and system service policies.
11. The method of claim 1, wherein transferring the data comprises: encrypting the data using the encryption key; and transferring the encrypted data to the data storage location, wherein one or more of the first mobile application and the second mobile application are configured to retrieve the encrypted data from the data storage location.
12. The method of claim 1, wherein transferring data comprises: receiving a payload at the first mobile application from a security management platform; and providing the payload securely to the second mobile application via the data storage location, wherein the second mobile application is configured to retrieve the payload from the secure data location.
13. The method of claim 12, wherein: the payload comprises an encrypted payload generated at the security management platform; and the first encryption information includes encryption information associated with the security management platform.
14. The method of claim 12, further comprising: configuring the second mobile application to transfer data securely between the second mobile application and at least one enterprise backend server, wherein the second mobile application is configured based at least in part on one or more of application configurations and application policies included in the payload.
15. The method of claim 14, wherein the data transferred securely between the second mobile application and the enterprise backend server is validated based at least in part on a certificate.
16. The method of claim 14, wherein the data transferred securely between the second mobile application and the enterprise backend server is managed by one or more of the security management platform and a security enforcement node.
17. The method of claim 12, further comprising: retrieving the payload at the second mobile application, wherein the payload includes one or more of device information, enterprise information, and installed application information; and executing, by the second mobile application, one or more actions based at least in part on the payload.
18. The method of claim 12, further comprising: retrieving the payload at the second mobile application, wherein the payload includes one or more application firewall settings; and executing, by the second mobile application, one or more actions based at least in part on the application firewall settings.
19. The method of claim 12, further comprising: retrieving the payload at the second mobile application, wherein the payload includes one or more commands; and executing, by the second mobile application, one or more actions based at least in part on the commands.
20. The method of claim 1, further comprising: generating, by the first mobile application, the data storage location on the mobile device.
21. The method of claim 1, wherein: the first mobile application includes a mobile device management agent; and the second mobile application includes a managed mobile application, wherein the second mobile application is managed by the first mobile application.
22. A system for secure communication between mobile applications, comprising: a processor; and a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to: provide, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application; retrieve by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information; validate an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and transfer data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.
23. A computer program product for secure communication between mobile applications, the computer program product being embodied in a non-transitory tangible computer readable storage medium and comprising computer instructions for: providing, from a first mobile application to a second mobile application, via a first communication mechanism on a mobile device, a first encryption information and an identifier associated with a data storage location on the mobile device, wherein the data storage location is not associated with the first communication mechanism, and wherein providing comprises providing information using a uniform resource locator (URL) scheme associated with the second mobile application; retrieving by the first mobile application, from the data storage location, a second encryption information associated with the second mobile application, wherein the second mobile application is configured to provide the second encryption information to the data storage location at least in part in response to receiving the first encryption information and the identifier associated with the data storage location, and wherein the second mobile application is configured to generate and include in the second encryption information an application identifier associated with the second mobile application and an encrypted version of a first encryption key included by the first mobile application in the first encryption information; validating an identity of the second mobile application based at least in part on the application identifier included in the second encryption information; and transferring data securely between the first mobile application and the second mobile application via the data storage location by encrypting the data using a second encryption key included in the second encryption information.
24. The method of claim 1, wherein validating the identity of the second mobile application comprises: providing the application identifier to a security management platform; receiving an indication that the second mobile application is valid.
25. The method of claim 1, wherein validating the identity of the second mobile application comprises: determining, based at least in part on the comparison, that the application identifier matches a stored application identifier; and validating the second mobile application based at least in part on the determined match.
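The exchange that claims 1, 21 and 25 describe, worked through end to end as an added example; this is illustrative code written for this page, not the patent holder's implementation. It assumes a simulated device: a dictionary stands in for the pasteboard or shared keychain slot, another dictionary stands in for the operating system's URL scheme registry, and the cipher is a constructed HMAC-SHA256 counter-mode stand-in (encrypt-then-MAC, for illustration only) so the example runs with the standard library. The keys are therefore symmetric: the first key travels over the URL scheme, the second app writes its identifier, its own key wrapped under the first key and the first key echoed back under its own key into the slot, and the first app (the MDM agent of claim 21) checks the identifier against its stored list (claim 25) and the echo before pushing a policy payload (claim 9) through the slot. The second scenario shows why the identifier check matters: an app that registered the same URL scheme receives the first key too, and only the identity validation stops the transfer.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-ins for device facilities: the shared pasteboard/keychain
# slots (data storage location) and the OS table of registered URL schemes.
SHARED_STORAGE = {}
URL_SCHEMES = {}


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a toy keystream, illustration only.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    # Encrypt-then-MAC; hex output so it can live in a pasteboard string.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def decrypt(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class ManagedApp:
    """Second mobile application: answers through the storage slot."""

    def __init__(self, app_id, scheme):
        self.app_id = app_id
        self.key2 = secrets.token_bytes(32)    # second encryption key
        URL_SCHEMES[scheme] = self.handle_url  # OS-level scheme registration

    def handle_url(self, url):
        # Receive the first encryption information and slot id over the URL scheme.
        q = parse_qs(urlparse(url).query)
        key1, slot = bytes.fromhex(q["key"][0]), q["slot"][0]
        # Second encryption information: app identifier, key2 wrapped under
        # key1, and key1 echoed back encrypted under key2.
        SHARED_STORAGE[slot] = json.dumps({
            "app_id": self.app_id,
            "wrapped_key2": encrypt(key1, self.key2),
            "encrypted_key1": encrypt(self.key2, key1),
        })

    def read_payload(self, slot):
        return json.loads(decrypt(self.key2, SHARED_STORAGE[slot]))


class AgentApp:
    """First mobile application (the MDM agent) driving the exchange."""

    def __init__(self, trusted_app_ids):
        self.trusted_app_ids = set(trusted_app_ids)  # stored application identifiers
        self.sessions = {}                            # slot -> key1

    def open_bus(self, scheme):
        key1 = secrets.token_bytes(32)   # first encryption key
        slot = "bus-" + secrets.token_hex(8)
        self.sessions[slot] = key1
        # The key rides the URL scheme; the slot is a separate channel.
        URL_SCHEMES[scheme]("%s://bus?%s" % (scheme, urlencode({"key": key1.hex(), "slot": slot})))
        return slot

    def validate_peer(self, slot):
        """Return key2 when the slot holds a valid answer from a trusted app, else None."""
        key1 = self.sessions[slot]
        try:
            rec = json.loads(SHARED_STORAGE[slot])
            if rec["app_id"] not in self.trusted_app_ids:   # identifier comparison
                return None
            key2 = decrypt(key1, rec["wrapped_key2"])
            if not hmac.compare_digest(decrypt(key2, rec["encrypted_key1"]), key1):
                return None                                  # peer never held key1
        except (KeyError, ValueError):
            return None
        return key2

    def send_policy(self, slot, policy):
        key2 = self.validate_peer(slot)
        if key2 is None:
            return False
        SHARED_STORAGE[slot] = encrypt(key2, json.dumps(policy).encode())
        return True


def run_exchange():
    """Trusted managed app: validation passes and the policy is delivered."""
    URL_SCHEMES.clear(); SHARED_STORAGE.clear()
    agent = AgentApp(trusted_app_ids={"com.example.managed"})
    managed = ManagedApp("com.example.managed", "managedapp")
    slot = agent.open_bus("managedapp")
    delivered = agent.send_policy(slot, {"pasteboard": "deny", "camera": "allow"})
    return delivered, managed.read_payload(slot)


def run_untrusted_exchange():
    """Another app registered the same scheme: it learns key1 but fails validation."""
    URL_SCHEMES.clear(); SHARED_STORAGE.clear()
    agent = AgentApp(trusted_app_ids={"com.example.managed"})
    ManagedApp("com.other.app", "managedapp")
    slot = agent.open_bus("managedapp")
    return agent.send_policy(slot, {"pasteboard": "deny"})
```

The identifier check on its own only proves that the slot record names a trusted app, which any app able to write the slot could claim; the echoed first key ties the record to whoever actually received the URL, and in the public-key form of claim 4 the credential and the second public key would carry that binding instead of a shared secret.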
December 20, 2013
June 16, 2015